DCM-GIFT: An Android malware dynamic classification method based on gray-scale image and feature-selection tree

IF 3.8; Zone 2, Computer Science; JCR Q2, COMPUTER SCIENCE, INFORMATION SYSTEMS
Jinfu Chen, Zian Zhao, Saihua Cai, Xiao Chen, Bilal Ahmad, Luo Song, Kun Wang
Journal: Information and Software Technology, volume 176, Article 107560
Publication date: 2024-08-22
Publication type: Journal Article
DOI: 10.1016/j.infsof.2024.107560
URL: https://www.sciencedirect.com/science/article/pii/S0950584924001654
Citations: 0

Abstract

Context:

The boom of the Android market has made mobile products more popular and convenient. However, in the face of the complex Android application market, how to efficiently and accurately identify malware has become one of the focuses of research. Various new types of disguised malware lurk in web pages, links and major application stores. Therefore, people’s privacy and property security have become a major obstacle to the continued development of mobile devices.

Objective:

Most of the existing malware classification methods are fixed on one or several types of characteristics of Android devices, such as static characteristics, dynamic characteristics and traffic characteristics. Single feature detection or fixed feature fusion models limit the dimension of detection software, and also cause imbalanced classification results. This paper proposes an Android Malware Dynamic Classification Method based on Gray-scale Image and Feature-selection Tree (DCM-GIFT), which aims to improve and stabilize the precision of Android software classification and enhance the robustness of malware classification.

Method:

In this paper, we construct gray-scale images from the original Android traffic to retain the time-series characteristics and spatial structure of the original network traffic. At the same time, we take the dynamic information and static information of Android software as auxiliary features to build a feature-selection tree. The feature-selection algorithm helps the classifier dynamically select the optimal feature fusion scheme, and the resulting fused feature vector is then used for training and prediction with machine learning clusters.

Results:

We evaluate the performance of DCM-GIFT on multiple datasets published by the Canadian Institute for Cybersecurity, in terms of the area under the accuracy, precision, recall and $F1_{measure}$. The results show that the proposed DCM-GIFT model has significantly better prediction performance compared to other software classification models.

Conclusion:

It can be concluded that: (1) In terms of accuracy, precision, recall and $F1_{measure}$, the DCM-GIFT model has a higher average value. (2) The DCM-GIFT model effectively solves the problem of imbalanced classification results in Android software. (3) The DCM-GIFT model achieves the goal of dynamic feature fusion and significantly improves the utilization of system resources.

Source journal

Information and Software Technology (Engineering & Technology - Computer Science: Software Engineering)
CiteScore: 9.10
Self-citation rate: 7.70%
Articles published: 164
Review time: 9.6 weeks

Journal description: Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal's scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include:
• Software management, quality and metrics
• Software processes
• Software architecture, modelling, specification, design and programming
• Functional and non-functional software requirements
• Software testing and verification & validation
• Empirical studies of all aspects of engineering and managing software development

Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premier outlet for systematic literature studies in software engineering.